Only a professional task force should handle the crime scene for evidence, as any non-professional law enforcer can manipulate or even destroy a vital piece of evidence that may be crucial in the overall scenario.
Remember that corporate investigators do not seize evidence very often. Brief guidelines for processing an incident or crime scene are as follows: keep a journal to document the activities; secure the scene, remaining professional and courteous with onlookers; remove all personnel who are not associated with the investigation; and take all proper and necessary video recordings of the area surrounding the computer, paying attention to all major and minor details.
Once at the crime scene, try to gather evidence to prove that the suspect violated company policy or committed a crime. Since this is a private-sector investigation, it involves corporate businesses; other government agencies, such as law enforcement, are not involved.
Law enforcement agencies act in accordance with the federal Freedom of Information Act, or similar laws in their territory, in all their processes.
Determining the location of the evidence and the type of case is crucial, as it allows the investigator to determine whether computers can be removed.
If removing the computers would harm the company, it should not be done, in the interest of the company. Problems in the investigation may arise if the files are likely to be hidden, encrypted, or stored at some offsite location. If the computers are not allowed to be taken for investigation, the investigator must determine the resources needed to acquire digital evidence and the proper tools needed to make data acquisition faster.
The purpose of this paper is to review the basic methodologies and the appropriate processes that a computer forensic investigator goes through in conducting an investigation.
It gives the reader an idea of the planning and organization required of an investigator involved in a computer-related crime and the ways in which the investigation is conducted: basic preparation, use of the required tools and techniques, acquisition and analysis of the data, the investigator's role in giving testimony, use of forensic laboratories, guidance of the staff working under the main investigator, and even the planning of network forensics, all of which relate to the investigator's work.
Also determine who is in charge of the respective systems (in a corporate environment, the assistance of one person from the company is usually required in this regard).
Always keep some specialists available who work on many different types of operating systems, servers, or databases, and properly educate those specialists in investigative techniques.